MASTER DCV: A rate limit prevents DCV on all domains

Running into the following error on many domains MASTER DCV: A rate limit prevents DCV and cant find a way to resolve it. I can see issue attempts here but dont know what it means. Seems to be well below the limits i read about: https://crt.sh/?q=sveffoundation.org

Full log result at end of this post.

My domain is: sveffoundation.org

The operating system my web server runs on is (include version): cloudlinux 7

My hosting provider, if applicable, is: overhaulics

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): cpanel

LOG:

Log for the AutoSSL run for “sveffoun”: Thursday, January 7, 2021 1:51:13 AM GMT-0700 (Let’s Encrypt™)

1:51:13 AM AutoSSL’s configured provider is “Let’s Encrypt™”.

Analyzing “sveffoun”’s domains …

1:51:13 AM Analyzing “sveffoundation.org” (website) …

1:51:13 AM User-excluded domains: 8 (mail.sveffoundation.org, mail.sveffoundation.com, mail.sveffoundation.net, webmail.sveffoundation.org, cpanel.sveffoundation.org, webdisk.sveffoundation.org, cpcontacts.sveffoundation.org, cpcalendars.sveffoundation.org)

TLS Status: Ready for Renewal

WARN Certificate expiry: 1/19/21, 4:16 PM UTC (12.31 days from now)

1:51:13 AM Attempting to ensure the existence of necessary CAA records …

1:51:13 AM No CAA records were created.

1:51:13 AM Verifying 6 domains’ management status …

Verifying “Let’s Encrypt™”’s authorization on 6 domains via DNS CAA records …

1:51:13 AM “sveffoundation.org” is managed.

“www.sveffoundation.org” is managed.

“www.sveffoundation.com” is managed.

“www.sveffoundation.net” is managed.

CA authorized: “sveffoundation.net”

CA authorized: “www.sveffoundation.net”

CA authorized: “sveffoundation.org”

CA authorized: “www.sveffoundation.org”

“sveffoundation.net” is managed.

CA authorized: “sveffoundation.com”

CA authorized: “www.sveffoundation.com”

“Let’s Encrypt™” is authorized to issue certificates for 6 of this user’s 6 domains.

“sveffoundation.com” is managed.

All of this user’s 6 domains are managed.

1:51:13 AM Performing HTTP DCV (Domain Control Validation) on 6 domains …

1:51:13 AM Local HTTP DCV OK: sveffoundation.com

Local HTTP DCV OK: sveffoundation.net

Local HTTP DCV OK: sveffoundation.org

Local HTTP DCV OK: www.sveffoundation.com

Local HTTP DCV OK: www.sveffoundation.net

Local HTTP DCV OK: www.sveffoundation.org

1:51:13 AM No local DNS DCV is necessary.

1:51:13 AM Processing “sveffoun”’s local DCV results …

1:51:13 AM Analyzing “sveffoundation.org”’s DCV results …

1:51:14 AM WARN AutoSSL failed to create a new certificate order because the server’s Let’s Encrypt account (https://acme-v02.api.letsencrypt.org/acme/acct/108086802) has reached a rate limit. (429 urn:ietf:params:acme:error:rateLimited (The request exceeds a rate limit) (Error creating new order :: too many certificates already issued for exact set of domains: sveffoundation.com,sveffoundation.net,sveffoundation.org,www.sveffoundation.com,www.sveffoundation.net,www.sveffoundation.org: see https://letsencrypt.org/docs/rate-limits/)) You may contact Let’s Encrypt to request a change to this rate limit.

ERROR “Let’s Encrypt™” general error (sveffoundation.org): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (www.sveffoundation.org): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (sveffoundation.com): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (sveffoundation.net): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (www.sveffoundation.com): A rate limit prevents DCV.

ERROR “Let’s Encrypt™” general error (www.sveffoundation.net): A rate limit prevents DCV.

ERROR Impediment: TOTAL_DCV_FAILURE: Every domain failed DCV.

1:51:14 AM The system has completed “sveffoun”’s AutoSSL check.

You already have issued 5 identical certificates. Use one of those. See the rate limit documentation mentioned in the error message.

As far as I can tell I see no new certs on my server. It only shows the old expiring one. How would I use something it doesn't show? This may be the reason it keeps getting requested and not automatically applied. Maybe a cPanel issue?

Could very well be, but I don't know anything about cPanel as I don't have any experience with it. Maybe someone else does. It might even be the cPanel forum is a better place to debug this, as (as far as I know) there isn't much experience with cPanel on this Community in general.

Welcome to the Let's Encrypt Community, Kyle

I use cPanel for most of my websites. Did you go to the Security section in cPanel, click to manage your certificates, then click install for one of your recent certificates?

I have always used Lets Encrypt as my Auto SSL in WHM and have never had to touch a thing inside cPanel itself when installing. If a domain is live it just adds an SSL automatically.

This is what I see in cpanel: https://www.loom.com/share/9754debd28a14a7ba2423c459de9fc3d

Just the self signed and expiring cert. None of the supposed 5 new ones are available. If I click update it just populates with the current cert with a warning that its expiring soon.

When you clicked Browse Certificates, did you see the link to the "Certificates" page?

Yes, it shows the same ones as before. A - Self Signed - Expiring 10/20/21 and one Let's Encrypt - Expiring 1/19/21. Nothing else.

Odd. Your certificate history certainly indicates that you have acquired more than a few certificates. Where did they go?

Oh! You're using Cloudflare. That's a different animal entirely. You would be much better off using Cloudflare Origin CA certificates rather than Let's Encrypt certificates because they last much longer and are easier to manage.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.